
devel/upp: update to 11873
Closed, Public

Authored by fernape on Jun 26 2018, 6:14 PM.

Details

Summary

Sent via PR 227414
Maintainer already timed out

I had to add -msse2 to make it compile in i386

Test Plan
  • portlint -AC OK
  • poudriere builds for {10.4,11.1}{amd64,i386}, 12i386 OK
  • run test in 11.1 amd64 OK

Diff Detail

Repository: rP FreeBSD ports repository
Lint: No Linters Available
Unit: No Unit Test Coverage
Build Status: Buildable 17767
Build 17554: arc lint + arc unit

Event Timeline

fernape created this revision. Jun 26 2018, 6:14 PM

You should first commit an entry to vuln.xml: https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html (you can prepare the change in this review here so that it is all together)

There is a shorthand for the Makefile logic: CXXFLAGS_i386= -msse2

fernape updated this revision to Diff 44490. Jun 26 2018, 8:55 PM
  • Simplify usage of architecture specific CXXFLAGS
  • Add vuxml entry. There was already an entry for the SQLite sec. advisory. I based mine on that one.

mat added inline comments. Jun 27 2018, 11:13 AM
devel/upp/Makefile:132

or add -o -name '*.orig' to the find(1) specifications just above.

fernape updated this revision to Diff 44532. Jun 27 2018, 4:24 PM

Improve handling of .orig files.

fernape marked an inline comment as done. Jun 27 2018, 4:24 PM

tcberner added inline comments. Jun 30 2018, 7:08 AM
security/vuxml/vuln.xml:67

^ this would affect the new version too

fernape added inline comments. Jun 30 2018, 9:02 AM
security/vuxml/vuln.xml:67

The new version has it fixed with files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

You misunderstood; I mean this

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.

fernape updated this revision to Diff 44727. Jul 1 2018, 6:32 PM

Fix vuxml entry.

You misunderstood; I mean this

:O yes, I did! :-)

I fixed the vuxml entry.

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html
1 problem(s) in the installed packages found.

tcberner accepted this revision. Jul 15 2018, 8:44 AM

Looks good to me.

This revision is now accepted and ready to land. Jul 15 2018, 8:44 AM
This revision was automatically updated to reflect the committed changes.
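
The range problem raised in the inline comments on security/vuxml/vuln.xml, as an added example that is not part of the review or the committed change: a simplified model of how an entry's range bounds are matched against a package name, showing why an entry without an upper bound still flags the fixed version. Both entries, the vid, the older version upp-11000 and the numeric-only version comparison are constructed assumptions; pkg audit itself applies the full pkg version rules to the namespaced vuln.xml.

```python
import operator
import xml.etree.ElementTree as ET

# Constructed entries, not the ones from this review. The first has no upper
# bound, so every version of the port matches, including the fixed one.
BROKEN_ENTRY = """<vuln vid="00000000-0000-0000-0000-000000000000">
  <topic>constructed example entry</topic>
  <affects><package>
    <name>upp</name>
    <range><ge>0</ge></range>
  </package></affects>
</vuln>"""
# Corrected form: only versions before the fixed one are affected.
FIXED_ENTRY = BROKEN_ENTRY.replace("<ge>0</ge>", "<lt>11873</lt>")

OPS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt,
       "ge": operator.ge, "eq": operator.eq}


def version_key(version):
    """Key for PORTVERSION[_PORTREVISION][,PORTEPOCH]; numeric versions only."""
    version, _, epoch = version.partition(",")
    version, _, revision = version.partition("_")
    parts = tuple(int(p) for p in version.split("."))
    return (int(epoch or 0), parts, int(revision or 0))


def is_affected(entry_xml, pkgname):
    """True if pkgname (name-version) falls inside any range of the entry."""
    name, _, version = pkgname.rpartition("-")
    have = version_key(version)
    for package in ET.fromstring(entry_xml).iter("package"):
        if name not in [n.text for n in package.findall("name")]:
            continue
        for rng in package.findall("range"):
            # Every bound inside one <range> must hold for the range to match.
            if all(OPS[b.tag](have, version_key(b.text)) for b in rng):
                return True
    return False


if __name__ == "__main__":
    for label, entry in (("broken", BROKEN_ENTRY), ("fixed", FIXED_ENTRY)):
        for pkg in ("upp-11000", "upp-11873"):
            state = "vulnerable" if is_affected(entry, pkg) else "ok"
            print(f"{label:6} {pkg:10} {state}")
```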